
osCommerce

The e-commerce.

Ross

Archived
  • Posts: 52

Everything posted by Ross

  1. If you don't want customers to be able to click on the "Return this product" link to get to the return_product page and then easily go in the URL, change order_id=xxx to any number they want and bring up another customer's info, you need to add

         // no order_id, or a non-numeric one: back to the account history
         if (!isset($HTTP_GET_VARS['order_id']) || (isset($HTTP_GET_VARS['order_id']) && !is_numeric($HTTP_GET_VARS['order_id']))) {
           tep_redirect(tep_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL'));
         }

         // look up which customer the requested order belongs to
         $customer_info_query = tep_db_query("select customers_id from " . TABLE_ORDERS . " where orders_id = '". (int)$HTTP_GET_VARS['order_id'] . "'");
         $customer_info = tep_db_fetch_array($customer_info_query);

         // the order is not owned by the logged-in customer: back to the account history
         if ($customer_info['customers_id'] != $customer_id) {
           tep_redirect(tep_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL'));
         }

     after

         if (!tep_session_is_registered('customer_id')) {
           $navigation->set_snapshot();
           tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
         }

     in return_product.php. It may be required in other files as well if it was missed, but I haven't gotten that far in my "modding". Make this change ASAP if it hasn't been covered in this thread already...
  2. You need to add any new files to the array in functions/administrators.php with the corresponding box it goes under. So if a contribution needs to access a new file called "filename.php" under the "Tools" box, in the $aADMPages array, add:

         'filename.php' => 'tools.php',

     HTH,
  3. Yes, the queries are made before the redirect, so the DB changes will be made before the page loads. The header ("Location: ....) redirects are hard coded. The admin folder was not inside the catalog folder when they were made which may be causing the problem. It definitely sounds like it is just looking in the wrong place for the file on redirect. You can open the file and hard code the correct path to the beginning of the header redirects (i.e. ../catalog/admin/administrators.php... or something like ('Location: ' . DIR_WS_ADMIN . 'administrators.php...') or even switch the header (Location:) redirects to the tep_redirect function which pretty much does the exact same thing. I haven't looked too much into the latest snapshots so I don't know if anything else has changed that might have broken it, but it just sounds like it's being redirected to the wrong location. HTH
  4. The error occurred in ../functions/general.php line 2575, not logoff.php. Check that line...it's trying to output something to the screen in the header and causing the error.
  5. Sorry, I never got email notices from your posts. More than likely, you had an extra space after the closing ?> tag on that page. Line 62 would be close to last line, so that's what I think probably happened. Make sure there are no blank lines or spaces after the closing ?> at all and no echo or print statements anywhere in that function. Anything that tries to print something to the screen (even just a space outside of the php tags), will cause those header output errors.
  6. I found the lines in a snapshot from a few days ago, but not from the 2.2 I have from 8/2002 also. My guess is those exact lines are specific to the "new" checkout procedure, or at least an updated categories.php file. It seems pretty clear that those particular variables are ones that get forwarded to the "Preview" section, so look for the /* Re-Post all POST'ed variables */ in categories.php and the new lines will probably need to be appended directly under that. HTH
  7. First, CAME_FROM is a field to be added to the user_tracking table, not a separate table itself. I made mine VARCHAR and length = 100 I think. I made a bunch of little changes here and there. Caveat: these are *quick* changes and have not been tested on a production server or with more than one user (me) online at the same time. Also, this will only work on PHP 4.1.0+ because I used superglobal arrays in the function.

     In catalog/application_top.php, after "tep_session_start();" I removed:

         // user_tracking modications
         if (!$referer_url) {
           $referer_url = $HTTP_SERVER_VARS['HTTP_REFERER'];
           tep_session_register('referer_url');
         }

     catalog/includes/functions/user_tracking.php (whole file):

         <?php
         /*
           $Id$

           osCommerce, Open Source E-Commerce Solutions
           http://www.oscommerce.com

           Copyright (c) 2002 osCommerce

           Released under the GNU General Public License

           Modified by Ross Lapkoff ([email protected]) 12/13/2002
         */

         function tep_update_user_tracking() {
           // remember the first referer seen in this session
           if (!isset($_SESSION['referer'])){
             if ($_SERVER['HTTP_REFERER'] != '') {
               $_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
             } else {
               $_SESSION['referer'] = 'None or Privacy Enabled';
             }
           }

           $customer_id = $_SESSION['customer_id'];
           $skip_tracking['64.91.104.73'] = 1; // useless without a static IP -- RSL

           if (isset($customer_id)) {
             $wo_customer_id = $customer_id;

             // customer id is cast to an integer before it goes into the query
             $customer_query = tep_db_query("select customers_firstname, customers_lastname from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
             $customer = tep_db_fetch_array($customer_query);

             $wo_full_name = addslashes($customer['customers_firstname'] . ' ' . $customer['customers_lastname']);
           } else {
             $wo_customer_id = '';
             $wo_full_name = 'Guest';
           }

           $wo_session_id = tep_session_id();
           if ($_SERVER['HTTP_X_FORWARDED_FOR']) {
             $wo_ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
           } else {
             $wo_ip_address = $_SERVER['REMOTE_ADDR'];
           }
           $wo_last_page_url = addslashes($_SERVER['REQUEST_URI']);

           if (isset($_SESSION['referer'])){
             $referer = $_SESSION['referer'];
           }

           $current_time = time();
           // the forwarded-for and referer headers are client-supplied, so they are
           // escaped like the other string fields before being put into the query
           if ($skip_tracking[$wo_ip_address] != 1)
             tep_db_query("insert into " . TABLE_USER_TRACKING . " (customer_id, full_name, session_id, ip_address, came_from, time_entry, time_last_click, last_page_url) values ('" . $wo_customer_id . "', '" . $wo_full_name . "', '" . $wo_session_id . "', '" . addslashes($wo_ip_address) . "', '" . addslashes($referer) . "', '" . $current_time . "', '" . $current_time . "', '" . $wo_last_page_url . "')");
         }
         ?>

     admin/user_tracking.php, change the query to include your new came_from field (around line 88):

         // we need to slurp all the customer tracking information out of the database
         $whos_online_query = tep_db_query("select customer_id, full_name, ip_address, came_from, time_entry, time_last_click, last_page_url," .

     and a few lines under that, define the variable for the referer with the rest of them:

         $user_tracking[$whos_online['session_id']]['came_from']=$whos_online['came_from'];

     Then around line 217 where the display tables are, find the current echo referer and replace it with the new variable:

         <!-- Replace this
         <td class="dataTableContent2" align="right" valign="top"><?php echo TEXT_ORIGINATING_URL ?></td>
         <td class="dataTableContent" align="left" valign="top"><?php echo chunk_split($referer_url,40,"<br>"); ?></td>
         -->
         <!-- With this (came_from is client-supplied, so it is HTML-escaped on output) -->
         <td class="dataTableContent" align="right" valign="top"><u><?php echo TEXT_ORIGINATING_URL ?></u></td>
         <td class="dataTableContent" align="left" valign="top"><?php echo htmlspecialchars($ut['value']['came_from']); ?></td>

     That's a lot of copy/paste, so hopefully there are no errors....let me know if you have any problems....
  8. Yes, the referer is simply registered as a session variable in application_top, so when the session is destroyed, so is the variable. I just added a "came_from" field (and user_agent) to the user_tracking table so they will be stored permanently and added this to the catalog function (for PHP 4.1.0+):

         if (isset($_SESSION['referer_url'])){
           $referer = $_SESSION['referer_url'];
         }

     Then add the appropriate changes to the insert query (came_from = $referer) and then change the appropriate code in the admin page to call and display the new field. I haven't even tried it out yet, but it *should* work... ;)
  9. Wow, I guess we both missed it :D

         if ($_ENV('HTTP_X_FORWARDED_FOR')) { // this is not a function
           $ip = $_ENV('HTTP_X_FORWARDED_FOR');
           $host = $_SERVER['REMOTE_HOST'];
         } else {
           $ip = $_SERVER['REMOTE_ADDR']); // extra )
           $host = $_SERVER['REMOTE_HOST'];
         }

     Should be:

         if ($_ENV['HTTP_X_FORWARDED_FOR']) { // fixed [ ]
           $ip = $_ENV['HTTP_X_FORWARDED_FOR'];
           $host = $_SERVER['REMOTE_HOST'];
         } else {
           $ip = $_SERVER['REMOTE_ADDR']; // fixed )
           $host = $_SERVER['REMOTE_HOST'];
         }

     Additionally, regarding the user_tracking contrib, it looks pretty cool. One thing I noticed is that even though the SIDs are logged and listed as the main heading for each user, the SIDs are still appended to URLs in each section. Since the URLs are active links and have the SIDs, you could click the link of someone in your store to see where they're at and accidentally share their session. Not a biggie I guess, but not really "right" either.

     Maybe more at issue is the fact that if the user leaves the window open for more than 20-25 min. idle and then starts browsing again, logging does not work. I'll assume that this is directly related to the session being deleted from the DB (when store sessions = mysql in my case). This might not be a big deal unless your store includes content to sit and read instead of just products to browse. For some reason, I always thought that OSC re-inserted a session into the DB if it timed out and was brought back to life?
  10. LOL, guess I should just open the file and copy/paste rather than typing it. As always, my code contains no warranty...use it at your own risk...typos and all ;)
  11. I haven't installed this script yet either, but on a banning script I added to my Admin login script (3 strikes and you're out), I used this to log their info with the ban:

          if ($_ENV('HTTP_X_FORWARDED_FOR')) {
            $ip = $_ENV('HTTP_X_FORWARD_FOR');
            $host = $_SERVER['REMOTE_HOST'];
          } else {
            $ip = $_SERVER['REMOTE_ADDR']);
            $host = $_SERVER['REMOTE_HOST'];
          }

      Just define the REFERRER global inside the conditions and you'll be set...it works great...
  12. Yeah, that's correct, $_ENV['HTTP_X_FORWARDED_FOR']. Don't worry, I'll spruce it up if I like it...always do ;)
  13. Mattice-- Thanks for the link...I looked through the contrib section about 20x...never thought to look in the forums :)

      tyler-- Yep, after a quick peek, it works off an $HTTP_REFERER check:

          $referer_url = $HTTP_SERVER_VARS['HTTP_REFERER'];

      As I said, not all user agents will report this when entering your site, so don't count on seeing referers for every user...
  14. Sorry I don't have a solid answer for you, but this is the 3rd time I've seen a reference to a "user tracking" contrib, but I can't find it anywhere. Could you point me to it so I can check it out? More than likely it is expiring when the session dies. I won't say it's not reading your raw log files, but that would be a piece of work and unless you set it up to tell it where to find your logs and the format, it's more than likely working off of a simple $HTTP_REFERER check. If the browser/bot/program hitting your site has privacy enabled, it won't show where they came from. The ones that do show a referring URL and do make purchases should be able to have that URL logged into the database with the order with little effort though...
  15. AFAIK, that contribution has no way to set the titles or any of the other info that it uses...it would be up to you to add the proper values to the fields for each product in the DB. I saved myself some work and added some code to admin/categories.php to insert the product name both to the products_name field and to the products_head_title field at the same time. I did also add three fields to the bottom of the product insert/edit section to work with the title, description and keywords on the pages rather than in the DB.

      If you'd want to use the exact product names to include in the title instead of something else, you can try changing this code in the functions/header_tags.php under the tep_get_header_tag_products_title function. Change this:

          $product_header_tags = tep_db_query("select products_head_title_tag from " . TABLE_PRODUCTS_DESCRIPTION . " where language_id = '" . $languages_id . "' and products_id = '" . $HTTP_GET_VARS['products_id'] . "'");

      to this:

          $product_header_tags = tep_db_query("select products_name from " . TABLE_PRODUCTS_DESCRIPTION . " where language_id = '" . $languages_id . "' and products_id = '" . $HTTP_GET_VARS['products_id'] . "'");

      This should automatically pull the product names in for use in the page titles. Again, if you want to use a title different from the product names, don't use this. HTH
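
The ownership check from the first post above (the order_id fix for return_product.php), as an added example that is not part of Ross's posts or of osCommerce itself. It goes one step further than the post by putting the customer ID into the query's WHERE clause, so another customer's order looks the same as a missing one. The `orders` schema, the sample rows and the helper name `find_order_for_customer` are constructed for illustration, and it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example: constructed schema and data, not osCommerce code.
// find_order_for_customer() is a hypothetical helper name.

function find_order_for_customer(PDO $db, $order_id_raw, int $customer_id): ?array
{
    // Accept only a plain run of digits. This is stricter than is_numeric(),
    // which also accepts inputs such as "1e3" or " 12", and it rejects
    // array-valued parameters (order_id[]=...) as well.
    if (!is_string($order_id_raw) || !ctype_digit($order_id_raw)) {
        return null;
    }
    // Ownership is part of the WHERE clause, so a row owned by someone else
    // is indistinguishable from a row that does not exist.
    $stmt = $db->prepare(
        'SELECT orders_id, customers_id, delivery_name FROM orders
          WHERE orders_id = :oid AND customers_id = :cid'
    );
    $stmt->execute([':oid' => (int)$order_id_raw, ':cid' => $customer_id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data: customer 7 owns order 1001, customer 8 owns 1002.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (orders_id INTEGER PRIMARY KEY,
                                customers_id INTEGER, delivery_name TEXT)');
$db->exec("INSERT INTO orders VALUES (1001, 7, 'Alice Example'),
                                     (1002, 8, 'Bob Example')");

$session_customer_id = 7; // stands in for the logged-in $customer_id

// Own order, someone else's order, missing order, and malformed values.
$requests = ['1001', '1002', '9999', 'abc', '', ['1001']];
foreach ($requests as $order_id) {
    $order = find_order_for_customer($db, $order_id, $session_customer_id);
    printf("order_id=%-10s => %s\n", json_encode($order_id),
        $order ? 'show return form for ' . $order['delivery_name']
               : 'redirect to account history');
}
```

Only the first request reaches the return form; every other value takes the same redirect path, which is what the two tep_redirect() calls in the post achieve.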